From 83a71c6c467b90bbef86ffe4559bd651d198dbb3 Mon Sep 17 00:00:00 2001 From: Wojciech Kozlowski Date: Tue, 24 Dec 2019 18:25:55 +0100 Subject: [PATCH] Update logcheck ignores --- ansible/etc/logcheck/ignore.d.server/local-server.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/etc/logcheck/ignore.d.server/local-server.j2 b/ansible/etc/logcheck/ignore.d.server/local-server.j2 index 9469521..a2c7eed 100644 --- a/ansible/etc/logcheck/ignore.d.server/local-server.j2 +++ b/ansible/etc/logcheck/ignore.d.server/local-server.j2 @@ -27,13 +27,17 @@ ^[ :[:alnum:]]{15} {{ hostname }} acct\[[0-9]+\]: Done.. ^[ :[:alnum:]]{15} {{ hostname }} auditd\[[0-9]+\]: Audit daemon rotating log files ^[ :[:alnum:]]{15} {{ hostname }} dbus-daemon\[[0-9]+\]: \[system\] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service' requested by '[:.[:digit:]]+' \(uid=0 pid=[[:digit:]]+ comm=\"/usr/bin/gdbus call --system --dest org.freedeskto\"\) +^[ :[:alnum:]]{15} {{ hostname }} dbus-daemon\[[0-9]+\]: \[system\] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by '[:.[:digit:]]+' \(uid=0 pid=[[:digit:]]+ comm=\"/usr/lib/packagekit/packagekitd \"\) ^[ :[:alnum:]]{15} {{ hostname }} dbus-daemon\[[0-9]+\]: \[system\] Successfully activated service 'org.freedesktop.PackageKit' +^[ :[:alnum:]]{15} {{ hostname }} dbus-daemon\[[0-9]+\]: \[system\] Successfully activated service 'org.freedesktop.PolicyKit1' ^[ :[:alnum:]]{15} {{ hostname }} fstrim\[[0-9]+\]: /: [.[:digit:]]+ [KMG]iB \([[:digit:]]+ bytes\) trimmed on /dev/md[[:digit:]] ^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon start ^[ :[:alnum:]]{15} {{ hostname }} PackageKit: daemon quit +^[ :[:alnum:]]{15} {{ hostname }} polkitd\[[0-9]+\]: started daemon version [.[:digit:]]+ using authority implementation `local' version `[.[:digit:]]+' ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session opened for user nobody by \(uid=0\) ^[ :[:alnum:]]{15} {{ hostname }} runuser: pam_unix\(runuser:session\): session closed for user nobody ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Invalid user [._'[:alnum:]-]+ from [.[:digit:]]+ port [[:digit:]]+ ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Received disconnect from [.[:digit:]]+ port [:[:digit:]]+ Bye Bye \[preauth\] ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Disconnected from invalid user [._'[:alnum:]-]+ [.[:digit:]]+ port [[:digit:]]+ \[preauth\] ^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection closed by [.[:digit:]]+ port [[:digit:]]+ \[preauth\] +^[ :[:alnum:]]{15} {{ hostname }} sshd\[[0-9]+\]: Connection reset by [.[:digit:]]+ port [[:digit:]]+ \[preauth\]